We have four firewalls in our network. Two are core firewalls in HA, and another two are production firewalls in HA. As of now, the prodcution firewall acts like a hub. The core firewall is the DHCP IP release interface to the prdoction firewal.
what im asking how can i use the production firewall to secure the network from external network? cctv or office network.
please share you configurate details on the both the firewall
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What is a "production firewall"? What is "DHCP IP release interface"? What exactly are you asking? What "cctv or office network"? Share what configuration details exactly?
Are you wanting to collapse these firewalls into a single pair? Sure that would probably work. You could also use VDOMs if needed.
The "Prod FW" you mention is the internal FW according to the schematic. So if you want to protect/secure your network from external threats, that configuration would make more sense to be made on the "Core FW" which are external FWs and are exposed to internet access.
By adding security to the Prod-FW you would assume that the security on the Core-FW has already failed and your network has been breached -> and in that case Prod-FW security profiles would only protect whatever is behind this HA Cluster. (not the core switch and the server connected to it)
That being said, what exactly are you trying to secure from?
The FW by default will block any not-allowed traffic by a policy so as long as you filter and configure only correct FW policies overall the device itself should be secure.
If you have extra specifications then that would be another discussion.
General security hardening tips can be found on the below link:
https://docs.fortinet.com/document/fortigate/7.6.0/best-practices/555436/hardening
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.